226 lines
7.9 KiB
Python
226 lines
7.9 KiB
Python
"""Credential management CLI commands.
|
|
|
|
Provides `skyvern credentials add/list/get/delete` for managing stored
|
|
credentials. Passwords and secrets are collected via getpass (stdin) so they
|
|
never appear in shell history or LLM conversation logs.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import os
|
|
|
|
import typer
|
|
from dotenv import load_dotenv
|
|
from rich.table import Table
|
|
|
|
from skyvern.client import Skyvern
|
|
from skyvern.client.types.non_empty_credit_card_credential import NonEmptyCreditCardCredential
|
|
from skyvern.client.types.non_empty_password_credential import NonEmptyPasswordCredential
|
|
from skyvern.client.types.secret_credential import SecretCredential
|
|
from skyvern.config import settings
|
|
from skyvern.utils.env_paths import resolve_backend_env_path
|
|
|
|
from .console import console
|
|
|
|
credentials_app = typer.Typer(help="Manage stored credentials for secure login.")
|
|
|
|
|
|
@credentials_app.callback()
|
|
def credentials_callback(
|
|
ctx: typer.Context,
|
|
api_key: str | None = typer.Option(
|
|
None,
|
|
"--api-key",
|
|
help="Skyvern API key",
|
|
envvar="SKYVERN_API_KEY",
|
|
),
|
|
) -> None:
|
|
"""Store API key in Typer context."""
|
|
ctx.obj = {"api_key": api_key}
|
|
|
|
|
|
def _get_client(api_key: str | None = None) -> Skyvern:
|
|
"""Instantiate a Skyvern SDK client using environment variables."""
|
|
load_dotenv(resolve_backend_env_path())
|
|
key = api_key or os.getenv("SKYVERN_API_KEY") or settings.SKYVERN_API_KEY
|
|
return Skyvern(base_url=settings.SKYVERN_BASE_URL, api_key=key)
|
|
|
|
|
|
@credentials_app.command("add")
|
|
def add_credential(
|
|
ctx: typer.Context,
|
|
name: str = typer.Option(..., "--name", "-n", help="Human-readable credential name"),
|
|
credential_type: str = typer.Option(
|
|
"password",
|
|
"--type",
|
|
"-t",
|
|
help="Credential type: password, credit_card, or secret",
|
|
),
|
|
username: str | None = typer.Option(None, "--username", "-u", help="Username (for password type)"),
|
|
) -> None:
|
|
"""Create a credential with secrets entered securely via stdin."""
|
|
valid_types = ("password", "credit_card", "secret")
|
|
if credential_type not in valid_types:
|
|
console.print(f"[red]Invalid credential type: {credential_type}. Use one of: {', '.join(valid_types)}[/red]")
|
|
raise typer.Exit(code=1)
|
|
|
|
client = _get_client(ctx.obj.get("api_key") if ctx.obj else None)
|
|
|
|
if credential_type == "password":
|
|
if not username:
|
|
username = typer.prompt("Username")
|
|
password = typer.prompt("Password", hide_input=True)
|
|
if not password:
|
|
console.print("[red]Password cannot be empty.[/red]")
|
|
raise typer.Exit(code=1)
|
|
totp = typer.prompt("TOTP secret (leave blank to skip)", default="", hide_input=True)
|
|
credential = NonEmptyPasswordCredential(
|
|
username=username,
|
|
password=password,
|
|
totp=totp if totp else None,
|
|
)
|
|
|
|
elif credential_type == "credit_card":
|
|
card_number = typer.prompt("Card number", hide_input=True)
|
|
if not card_number:
|
|
console.print("[red]Card number cannot be empty.[/red]")
|
|
raise typer.Exit(code=1)
|
|
cvv = typer.prompt("CVV", hide_input=True)
|
|
if not cvv:
|
|
console.print("[red]CVV cannot be empty.[/red]")
|
|
raise typer.Exit(code=1)
|
|
exp_month = typer.prompt("Expiration month (MM)")
|
|
exp_year = typer.prompt("Expiration year (YYYY)")
|
|
brand = typer.prompt("Card brand (e.g. visa, mastercard)")
|
|
holder_name = typer.prompt("Cardholder name")
|
|
credential = NonEmptyCreditCardCredential(
|
|
card_number=card_number,
|
|
card_cvv=cvv,
|
|
card_exp_month=exp_month,
|
|
card_exp_year=exp_year,
|
|
card_brand=brand,
|
|
card_holder_name=holder_name,
|
|
)
|
|
|
|
else:
|
|
secret_value = typer.prompt("Secret value", hide_input=True)
|
|
if not secret_value:
|
|
console.print("[red]Secret value cannot be empty.[/red]")
|
|
raise typer.Exit(code=1)
|
|
secret_label = typer.prompt("Secret label (leave blank to skip)", default="")
|
|
credential = SecretCredential(
|
|
secret_value=secret_value,
|
|
secret_label=secret_label if secret_label else None,
|
|
)
|
|
|
|
try:
|
|
result = client.create_credential(
|
|
name=name,
|
|
credential_type=credential_type,
|
|
credential=credential,
|
|
)
|
|
except Exception as e:
|
|
console.print(f"[red]Failed to create credential: {e}[/red]")
|
|
raise typer.Exit(code=1)
|
|
|
|
console.print(f"[green]Created credential:[/green] {result.credential_id}")
|
|
|
|
|
|
@credentials_app.command("list")
|
|
def list_credentials(
|
|
ctx: typer.Context,
|
|
page: int = typer.Option(1, "--page", help="Page number"),
|
|
page_size: int = typer.Option(10, "--page-size", help="Results per page"),
|
|
) -> None:
|
|
"""List stored credentials (metadata only, never passwords)."""
|
|
client = _get_client(ctx.obj.get("api_key") if ctx.obj else None)
|
|
|
|
try:
|
|
credentials = client.get_credentials(page=page, page_size=page_size)
|
|
except Exception as e:
|
|
console.print(f"[red]Failed to list credentials: {e}[/red]")
|
|
raise typer.Exit(code=1)
|
|
|
|
if not credentials:
|
|
console.print("No credentials found.")
|
|
return
|
|
|
|
table = Table(title="Credentials")
|
|
table.add_column("ID", style="cyan")
|
|
table.add_column("Name", style="green")
|
|
table.add_column("Type")
|
|
table.add_column("Details")
|
|
|
|
for cred in credentials:
|
|
details = ""
|
|
c = cred.credential
|
|
if hasattr(c, "username"):
|
|
details = f"username={c.username}"
|
|
elif hasattr(c, "last_four"):
|
|
details = f"****{c.last_four} ({c.brand})"
|
|
elif hasattr(c, "secret_label") and c.secret_label:
|
|
details = f"label={c.secret_label}"
|
|
table.add_row(cred.credential_id, cred.name, str(cred.credential_type), details)
|
|
|
|
console.print(table)
|
|
|
|
|
|
@credentials_app.command("get")
|
|
def get_credential(
|
|
ctx: typer.Context,
|
|
credential_id: str = typer.Argument(..., help="Credential ID (starts with cred_)"),
|
|
) -> None:
|
|
"""Show metadata for a single credential."""
|
|
client = _get_client(ctx.obj.get("api_key") if ctx.obj else None)
|
|
|
|
try:
|
|
cred = client.get_credential(credential_id)
|
|
except Exception as e:
|
|
console.print(f"[red]Failed to get credential: {e}[/red]")
|
|
raise typer.Exit(code=1)
|
|
|
|
table = Table(title=f"Credential: {cred.name}")
|
|
table.add_column("Field", style="cyan")
|
|
table.add_column("Value")
|
|
|
|
table.add_row("ID", cred.credential_id)
|
|
table.add_row("Name", cred.name)
|
|
table.add_row("Type", str(cred.credential_type))
|
|
|
|
c = cred.credential
|
|
if hasattr(c, "username"):
|
|
table.add_row("Username", c.username)
|
|
if hasattr(c, "totp_type") and c.totp_type:
|
|
table.add_row("TOTP Type", str(c.totp_type))
|
|
elif hasattr(c, "last_four"):
|
|
table.add_row("Card Last Four", c.last_four)
|
|
table.add_row("Card Brand", c.brand)
|
|
elif hasattr(c, "secret_label") and c.secret_label:
|
|
table.add_row("Secret Label", c.secret_label)
|
|
|
|
console.print(table)
|
|
|
|
|
|
@credentials_app.command("delete")
|
|
def delete_credential(
|
|
ctx: typer.Context,
|
|
credential_id: str = typer.Argument(..., help="Credential ID to delete (starts with cred_)"),
|
|
yes: bool = typer.Option(False, "--yes", "-y", help="Skip confirmation prompt"),
|
|
) -> None:
|
|
"""Permanently delete a stored credential."""
|
|
if not yes:
|
|
confirm = typer.confirm(f"Delete credential {credential_id}?")
|
|
if not confirm:
|
|
console.print("Aborted.")
|
|
raise typer.Exit()
|
|
|
|
client = _get_client(ctx.obj.get("api_key") if ctx.obj else None)
|
|
|
|
try:
|
|
client.delete_credential(credential_id)
|
|
except Exception as e:
|
|
console.print(f"[red]Failed to delete credential: {e}[/red]")
|
|
raise typer.Exit(code=1)
|
|
|
|
console.print(f"[green]Deleted credential:[/green] {credential_id}")
|